From d6a8bb144c689a3ae49523d3497c6356c03efbb8 Mon Sep 17 00:00:00 2001 From: Federico Ceratto Date: Tue, 29 Oct 2019 15:53:05 +0000 Subject: [PATCH] Deploy fastpath Push sshfeeder pubkey on collectors --- ansible/deploy-fastpath.yml | 6 +++ ansible/inventory | 3 ++ ansible/roles/fastpath/tasks/main.yml | 42 +++++++++++++++++++ .../roles/fastpath/templates/fastpath.conf.j2 | 7 ++++ ansible/roles/ooni-collector/tasks/main.yml | 2 +- 5 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 ansible/deploy-fastpath.yml create mode 100644 ansible/roles/fastpath/tasks/main.yml create mode 100644 ansible/roles/fastpath/templates/fastpath.conf.j2 diff --git a/ansible/deploy-fastpath.yml b/ansible/deploy-fastpath.yml new file mode 100644 index 00000000..eadd362a --- /dev/null +++ b/ansible/deploy-fastpath.yml @@ -0,0 +1,6 @@ +--- +- import_playbook: ansible-version.yml + +- hosts: fastpath.ooni.nu + roles: + - role: fastpath diff --git a/ansible/inventory b/ansible/inventory index 11c5d40f..0e128522 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -190,6 +190,9 @@ staticiforme.torproject.org # tor LDAP [no_nodeexp:children] no_passwd # no passwd => no nodeexp user ;-) +[fastpath] +fastpath.ooni.nu + ######################################################################## # TO DELETE. # Stopped VMs that should be deleted from GH and DNS after some grace period: diff --git a/ansible/roles/fastpath/tasks/main.yml b/ansible/roles/fastpath/tasks/main.yml new file mode 100644 index 00000000..884174a6 --- /dev/null +++ b/ansible/roles/fastpath/tasks/main.yml @@ -0,0 +1,42 @@ +--- + +# Deploy the fastpath +# +# Deploy .deb package to the fastpath host +# +# Fetch SSH pubkey and deploy it on the collector hosts +# +# Set the hostname of the collectors in the fastpath config file + +# Usage: place the .deb file in files/ +# update the version number as needed + +- name: copy fastpath .deb package + copy: + src: files/fastpath_0.1_all.deb + dest: /root/ + owner: root + group: root + mode: '0644' + +# Leave a copy of the .deb in /root as an emergency backup for rollbacks + +- name: install .deb using dpkg + apt: + deb: '{{ item }}' + state: present + with_items: + - /root/fastpath_0.1_all.deb + +- name: Fetch sshfeeder pubkey from fastpath host + slurp: + src: /var/lib/fastpath/ssh/id_ed25519.pub + register: sshfeeder_pubkey_b64encoded + +- name: generate fastpath.conf file with collectors + template: + owner: "root" + group: "root" + mode: '0644' + src: "fastpath.conf.j2" + dest: "/etc/fastpath.conf" diff --git a/ansible/roles/fastpath/templates/fastpath.conf.j2 b/ansible/roles/fastpath/templates/fastpath.conf.j2 new file mode 100644 index 00000000..a6f4de97 --- /dev/null +++ b/ansible/roles/fastpath/templates/fastpath.conf.j2 @@ -0,0 +1,7 @@ +# Deployed by ansible +# deploy-fastpath.yml +# roles/fastpath/tasks/main.yml +# roles/fastpath/templates/fastpath.conf.j2 + +[DEFAULT] +collectors = {{ groups['have_collector'] | join(' ') }} diff --git a/ansible/roles/ooni-collector/tasks/main.yml b/ansible/roles/ooni-collector/tasks/main.yml index 1582d8c3..10db0951 100644 --- a/ansible/roles/ooni-collector/tasks/main.yml +++ b/ansible/roles/ooni-collector/tasks/main.yml @@ -154,4 +154,4 @@ authorized_key: user: sshfeeder state: present - key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID3MZP0tYUzaZOZa8JhRIx3PiTXwXfwQdTPa/RwDmwcA" + key: " {{ sshfeeder_pubkey_b64encoded | b64decode }} "